REMARKS 



The rejections presented in the Office Action dated March 15, 2005 have 
been considered. The traversals of the claim rejections of the first Office Action and 
the arguments presented in response to those rejections are maintained and 
incorporated by reference in this response. Claims 1-13 remain pending in the 
application. Reconsideration and allowance of the application are respectfully 
requested. 

The Office Action Summary sheet indicates that objections are made to the 
specification and drawings. However, no explanation is provided in the detailed 
Remarks portion of the Office Action. Furthermore, the Office Action dated August 
30, 2004 did not state any objections to the specification or drawings. Therefore, no 
amendments to the specification and drawings are thought to be necessary. 

The Office Actions do not establish that claims 1-5 and 10-13 are anticipated 
under 35 USC §1 02(a) by "Aziz" (US patent 6,643,701 to Aziz et al.). The rejection 
is respectfully traversed because the Office Actions fail to show that Aziz teaches all 
the limitations of the claims. 

Claim 1 is directed to a method for managing sessions between mobile 
communication devices and an application program hosted on a data processing 
system with a gateway module that is coupled to the mobile communications 
devices and to the application program. The method includes generating at the 
gateway module respective first session identifiers upon receipt of initial requests 
from the mobile communication devices at the gateway module and transmitting the 
first session identifiers to the application program; associating the first session 
identifiers with corresponding second session identifiers from the application 
program at the gateway module; and in response to subsequent communications 
from the mobile devices to the application program, transmitting from the gateway 
module to the application program the second session identifiers that are associated 
with the first session identifiers of the mobile devices of the subsequent 
communications. These limitations are clearly not shown to be taught by Aziz. 

The recent Office Action asserts that Aziz's session keys correspond to the 
claimed first session identifier and second session identifier. However, Aziz's 
session keys do not identify a session. Rather, Aziz clearly teaches that a session 
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key is used to securely transmit information within a session. The Examiner 
incorrectly asserts that "One particular session of communication, out of many 
sessions, may be identified by the product of the key and the encrypted 
communications." This assertion is incorrect because the server must first 
determine which of the session keys to use for decryption before it can decrypt the 
data it receives. As far as Aziz is understood, when Aziz's server receives encrypted 
data, the session key is not received along with the received data. Thus, Aziz 
apparently uses some other mechanism to determine the correct session key before 
decrypting the received data. A key by itself does not identify anything; it is 
generally understood to unlock something. The something must be determined from 
some other source (e.g., a door key found in a parking lot does not identify the 
door). Therefore, Aziz's session keys are not shown to correspond to the claimed 
first and second session identifiers, nor is Aziz's use of session keys shown to 
correspond to the claimed use of the first and second identifiers. 

The Office Actions further fails to show that Aziz teaches the limitations of, in 
response to subsequent communications from the mobile devices to the application 
program, transmitting from the gateway module to the application program the 
second session identifiers that are associated with the first session identifiers of the 
mobile devices of the subsequent communications. Aziz's teachings at col. 2, 1. 56- 
65 and col. 8, 1. 28-32, and 48-56 are cited as teaching these limitations. However, 
even if Aziz's session key are assumed to corresponded to the claimed first and 
second identifiers, Aziz does not teach transmitting the second session identifiers. 
The cited portions of Aziz apparently teach that in initiating a session resumption, a 
client may identify itself to the server and indicate that it will continue to use the 
agreed upon keys from the previous handshaking. Thus, there is apparent need for, 
or teaching of retransmission of a session key from the client to the server. 

Claims 2-5 and 10-13 are not shown to be anticipated by Aziz for at least the 
reasons set forth above. 

The Office Action fails to establish that claims 6-9 are unpatentable under 35 
USC §103(a) over Aziz in view of "Sparks" (US patent number 6,167,382 to Sparks 
et al.). The rejection is respectfully traversed because the Office Action fails to show 



7 



that all the limitations are suggested by the references and fails to provide a proper 
motivation for modifying the teachings of Aziz with teachings of Sparks. 

Among other limitations claim 6 includes limitations of receiving checkout 
requests from the wireless communication devices at the gateway module and 
transferring the checkout requests to a wallet module that manages user 
authentication. The Office Action cites Sparks* col. 2, 1. 36-49. However, there is no 
apparent element in this portion of Sparks that corresponds to the gateway module 
at which checkout requests are received. Nor is there any apparent element that 
corresponds to the claimed wallet module to which the checkout requests are sent. 

Claim 7 depends claim 6 and is not shown to be unpatentable for at least the 
reasons set forth above. 

Claim 8 depends from claim 7 and includes further the limitations: in 
response to a payment request from a wireless communications device, transmitting 
the payment request from the gateway module to the merchant application, 
disassociating the wireless session identifier from the corresponding merchant 
session identifier, and generating a new wireless session identifier for the wireless 
communications device when another initial request is received from the wireless 
communications device. As explained above in regards to claim 6, Sparks is not 
shown to teach the claimed gateway module and operations thereof. 

Claim 9 depends from claim 8 and is not shown to be unpatentable for at 
least the reasons set forth above. 

Th e rejection of claims 6-9 over the Aziz-Sparks combination should be 
withdrawn because the Office Action fails to show all the limitations are suggested 
by the combination and the alleged motivation for combining the references is 
conclusory. 

Withdrawal of the rejections and reconsideration of the claims are respectfully 
requested in view of the remarks set forth above. 
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